What is the Archer GRC Incident Reporting Portal?
The Archer GRC Incident Reporting Portal addresses security incident and event reporting requirements for state agencies and institutions of higher education. Each agency and institute of higher education is responsible for assessing the significance of a security incident within its organization and for providing a report to DIR based on the business impact on affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).
Is incident reporting a monthly requirement?
Yes. Administrative Rules (1 TAC 202.23/1 TAC 202.73) state: Reports must be sent to DIR on a monthly basis, no later than nine calendar days after the end of the month. Information shall be reported in the form and manner specified by DIR.
If an agency or institute of higher education does not report after the required date, it will be required to include the information in the next month's report and make note of such submission in the Comments section of the report.
What defines a security incident or event?
An incident is an adverse event in or affecting an information system, network, and/or workstation, or the threat of the occurrence of such an event.
An event is any observable occurrence in a system, network, and/or workstation. Although natural disasters and other non-security-related disasters (power outages) are also called events, the reporting requirements are for IT-security-related events only. A planned outage is NOT considered an incident or event.
How and when are critical incidents reported?
Security incidents that are critical in nature and have a substantial likelihood of being propagated to other systems beyond the control of the agency should be reported to DIR within 24 hours (in addition to being included in monthly reporting).
For emergency notifications or initial reporting of security incidents meeting 1 TAC 202 criteria, you may use the Archer GRC Incident Reporting Portal or call DIR's Computer Security Incident Response Team (CSIRT) at 512-350-3282. The phone is answered 24 hours a day, 7 days a week.
Are reporting instructions and user training available?
Yes. Training is available on the Archer GRC Incident Reporting Portal page of DIR’s website. You may also contact the GRC Administrator for information about training.
Is the data collected confidential?
Yes. The data collected is not shared with other reporting entities; it is treated as confidential in accordance with TGC 2059. DIR provides trending reports and metrics to the Legislature during session.
How are user accounts and credentials obtained?
The requesting agency or institution’s Information Resource Manager (IRM) or Information Security Officer (ISO) can submit a support request form through the Archer GRC Incident Reporting Portal.
Can I change my password?
What if I forget my password or lock out my account?
Passwords for the Archer GRC Incident Reporting Portal can be changed at any time by editing your User Profile (scroll down the page until you see the Change Password option). You may also contact the GRC Administrator for assistance.